{"id":4083,"url":"https://patchwork.libcamera.org/api/patches/4083/?format=json","web_url":"https://patchwork.libcamera.org/patch/4083/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20200619054123.19052-4-paul.elder@ideasonboard.com>","date":"2020-06-19T05:41:09","name":"[libcamera-devel,v2,03/17] v4l2: v4l2_camera_proxy: Check for null arg values in main ioctl handler","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"f972fd396c8a0d05f2c78956845a8cfb5cb481ae","submitter":{"id":17,"url":"https://patchwork.libcamera.org/api/people/17/?format=json","name":"Paul Elder","email":"paul.elder@ideasonboard.com"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/4083/mbox/","series":[{"id":1017,"url":"https://patchwork.libcamera.org/api/series/1017/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=1017","date":"2020-06-19T05:41:06","name":"Support v4l2-compliance","version":2,"mbox":"https://patchwork.libcamera.org/series/1017/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/4083/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/4083/checks/","tags":{},"headers":{"Return-Path":"<paul.elder@ideasonboard.com>","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 43972603BF\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tFri, 19 Jun 2020 07:41:42 +0200 (CEST)","from jade.flets-east.jp (unknown\n\t[IPv6:2400:4051:61:600:e972:d773:e99a:4f79])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id BF14D556;\n\tFri, 19 Jun 2020 07:41:40 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"oNNbvBke\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1592545302;\n\tbh=qsEFtr5cbT/jPDimSbuKHA1vG1SLI29s7gEV9/ny+18=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=oNNbvBkeuA+dvOgyZXYwuTft8pwS5+7mNfC1C2LPN7CJt8mQKWXkjuREP8p+LprcV\n\t2uHDmG54dxNiSb+K/mdLS+twKIYdaqDLVmXS22IBbam/4zUYVtLN58Zgv9gRUau0V/\n\t/9gZd/I5XkJYYiE4YW7cEy2pfknZzzrn+LzT9+Ag=","From":"Paul Elder <paul.elder@ideasonboard.com>","To":"libcamera-devel@lists.libcamera.org","Date":"Fri, 19 Jun 2020 14:41:09 +0900","Message-Id":"<20200619054123.19052-4-paul.elder@ideasonboard.com>","X-Mailer":"git-send-email 2.27.0","In-Reply-To":"<20200619054123.19052-1-paul.elder@ideasonboard.com>","References":"<20200619054123.19052-1-paul.elder@ideasonboard.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Subject":"[libcamera-devel] [PATCH v2 03/17] v4l2: v4l2_camera_proxy: Check\n\tfor null arg values in main ioctl handler","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Fri, 19 Jun 2020 05:41:42 -0000"},"content":"The ioctl handlers currently don't check if arg is null, so if it ever\nis, it will cause a segfault. Check that arg is null and return -EFAULT\nin the main vidioc ioctl handler.\n\nSigned-off-by: Paul Elder <paul.elder@ideasonboard.com>\n\n---\nChanges in v2:\n- moved !arg check to main ioctl handler, and added a set of supported\n  ioctls\n- use !arg instead of arg == nullptr\n---\n src/v4l2/v4l2_camera_proxy.cpp | 27 +++++++++++++++++++++++++--\n src/v4l2/v4l2_camera_proxy.h   |  3 +++\n 2 files changed, 28 insertions(+), 2 deletions(-)","diff":"diff --git a/src/v4l2/v4l2_camera_proxy.cpp b/src/v4l2/v4l2_camera_proxy.cpp\nindex f06f58d..cff6562 100644\n--- a/src/v4l2/v4l2_camera_proxy.cpp\n+++ b/src/v4l2/v4l2_camera_proxy.cpp\n@@ -11,6 +11,7 @@\n #include <array>\n #include <errno.h>\n #include <linux/videodev2.h>\n+#include <set>\n #include <string.h>\n #include <sys/mman.h>\n #include <unistd.h>\n@@ -238,7 +239,6 @@ int V4L2CameraProxy::vidioc_enum_fmt(V4L2CameraFile *cf, struct v4l2_fmtdesc *ar\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_enum_fmt fd = \" << cf->efd();\n \n-\n \tif (!validateBufferType(arg->type) ||\n \t    arg->index >= streamConfig_.formats().pixelformats().size())\n \t\treturn -EINVAL;\n@@ -255,7 +255,6 @@ int V4L2CameraProxy::vidioc_g_fmt(V4L2CameraFile *cf, struct v4l2_format *arg)\n {\n \tLOG(V4L2Compat, Debug) << \"Servicing vidioc_g_fmt fd = \" << cf->efd();\n \n-\n \tif (!validateBufferType(arg->type))\n \t\treturn -EINVAL;\n \n@@ -543,8 +542,32 @@ int V4L2CameraProxy::vidioc_streamoff(V4L2CameraFile *cf, int *arg)\n \treturn ret;\n }\n \n+std::set<unsigned long> V4L2CameraProxy::supportedIoctls_ = {\n+\tVIDIOC_QUERYCAP,\n+\tVIDIOC_ENUM_FMT,\n+\tVIDIOC_G_FMT,\n+\tVIDIOC_S_FMT,\n+\tVIDIOC_TRY_FMT,\n+\tVIDIOC_REQBUFS,\n+\tVIDIOC_QUERYBUF,\n+\tVIDIOC_QBUF,\n+\tVIDIOC_DQBUF,\n+\tVIDIOC_STREAMON,\n+\tVIDIOC_STREAMOFF,\n+};\n+\n int V4L2CameraProxy::ioctl(V4L2CameraFile *cf, unsigned long request, void *arg)\n {\n+\tif (supportedIoctls_.find(request) == supportedIoctls_.end()) {\n+\t\terrno = ENOTTY;\n+\t\treturn -1;\n+\t}\n+\n+\tif (!arg) {\n+\t\terrno = EFAULT;\n+\t\treturn -1;\n+\t}\n+\n \tint ret;\n \tswitch (request) {\n \tcase VIDIOC_QUERYCAP:\ndiff --git a/src/v4l2/v4l2_camera_proxy.h b/src/v4l2/v4l2_camera_proxy.h\nindex 43290ca..dd7e793 100644\n--- a/src/v4l2/v4l2_camera_proxy.h\n+++ b/src/v4l2/v4l2_camera_proxy.h\n@@ -11,6 +11,7 @@\n #include <linux/videodev2.h>\n #include <map>\n #include <memory>\n+#include <set>\n #include <sys/mman.h>\n #include <sys/types.h>\n #include <vector>\n@@ -67,6 +68,8 @@ private:\n \tstatic PixelFormat v4l2ToDrm(uint32_t format);\n \tstatic uint32_t drmToV4L2(const PixelFormat &format);\n \n+\tstatic std::set<unsigned long> supportedIoctls_;\n+\n \tunsigned int refcount_;\n \tunsigned int index_;\n \n","prefixes":["libcamera-devel","v2","03/17"]}